Mercurial > hg > freeDiameter
view extensions/acl_wl/acl_wl.c @ 1510:a2fb51309cd2
Add 3GPP TS 29.345 V15.1.0 (2019-09)
Add AVPs:
- App-Layer-User-Id, UTF8String, code 3801, section 6.3.2
- Assistance-info, Grouped, code 3802, section 6.3.3
- Assistance-Info-Validity-Timer, Unsigned32, code 3803, section 6.3.4
- Discovery-Type, Unsigned32, code 3804, section 6.3.5
- Filter-Id, OctetString, code 3805, section 6.3.9
- MAC-Address, UTF8String, code 3806, section 6.3.11
- Match-Report, Grouped, code 3807, section 6.3.12
- Operating-Channel, Unsigned32, code 3808, section 6.3.14
- P2P-Features, Unsigned32, code 3809, section 6.3.15
- ProSe-App-Code, OctetString, code 3810, section 6.3.16
- ProSe-App-Id, UTF8String, code 3811, section 6.3.17
- ProSe-App-Mask, OctetString, code 3812, section 6.3.18
- ProSe-Discovery-Filter, Grouped, code 3813, section 6.3.20
- PRR-Flags, Unsigned32, code 3814, section 6.3.21
- ProSe-Validity-Timer, Unsigned32, code 3815, section 6.3.22
- Requesting-EPUID, UTF8String, code 3816, section 6.3.23
- Targeted-EPUID, UTF8String, code 3817, section 6.3.26
- Time-Window, Unsigned32, code 3818, section 6.3.27
- WiFi-P2P-Assistance-Info, Grouped, code 3819, section 6.3.30
- WLAN-Assistance-Info, Grouped, code 3820, section 6.3.31
- WLAN-Link-Layer-Id, OctetString, code 3821, section 6.3.32
- WLAN-Link-Layer-Id-List, Grouped, code 3822, section 6.3.33
- Location-Update-Trigger, Grouped, code 3823, section 6.3.42
- Location-Update-Event-Type, Unsigned32, code 3824, section 6.3.43
- Change-Of-Area-Type, Grouped, code 3825, section 6.3.44
- Location-Update-Event-Trigger, Unsigned32, code 3826, section 6.3.45
- Report-Cardinality, Enumerated, code 3827, section 6.3.46
- Minimum-Interval-Time, Unsigned32, code 3828, section 6.3.47
- Periodic-Location-Type, Grouped, code 3829, section 6.3.48
- Location-Report-Interval-Time, Unsigned32, code 3830, section 6.3.49
- Total-Number-Of-Reports, Unsigned32, code 3831, section 6.3.50
- Validity-Time-Announce, Unsigned32, code 3832, section 6.3.36
- Validity-Time-Monitor, Unsigned32, code 3833, section 6.3.37
- Validity-Time-Communication, Unsigned32, code 3834, section 6.3.38
- ProSe-App-Code-Info, Grouped, code 3835, section 6.3.39
- MIC, OctetString, code 3836, section 6.3.40
- UTC-based-Counter, Unsigned32, code 3837, section 6.3.41
- ProSe-Match-Refresh-Timer, Unsigned32, code 3838, section 6.3.52
- ProSe-Metadata-Index-Mask, OctetString, code 3839, section 6.3.60
- App-Identifier, Grouped, code 3840, section 6.3.61
- OS-ID, OctetString, code 3841, section 6.3.62
- OS-App-ID, UTF8String, code 3842, section 6.3.63
- Requesting-RPAUID, UTF8String, code 3843, section 6.3.64
- Target-RPAUID, UTF8String, code 3844, section 6.3.65
- Target-PDUID, OctetString, code 3845, section 6.3.66
- ProSe-Restricted-Code, OctetString, code 3846, section 6.3.67
- ProSe-Restricted-Code-Suffix-Range, OctetString, code 3847, section 6.3.68
- Beginning-Suffix, OctetString, code 3848, section 6.3.69
- Ending-Suffix, OctetString, code 3849, section 6.3.70
- Discovery-Entry-ID, Unsigned32, code 3850, section 6.3.59
- Match-Timestamp, Time, code 3851, section 6.3.71
- PMR-Flags, Unsigned32, code 3852, section 6.3.57
- ProSe-Application-Metadata, UTF8String, code 3853, section 6.3.58
- Discovery-Auth-Request, Grouped, code 3854, section 6.3.53
- Discovery-Auth-Response, Grouped, code 3855, section 6.3.54
- Match-Request, Grouped, code 3856, section 6.3.55
- Match-Report-Info, Grouped, code 3857, section 6.3.56
- Banned-RPAUID, UTF8String, code 3858, section 6.3.73
- Banned-PDUID, OctetString, code 3859, section 6.3.74
- Code-Receiving-Security-Material, Grouped, code 3860, section 6.3.75
- Code-Sending-Security-Material, Grouped, code 3861, section 6.3.76
- DUSK, OctetString, code 3862, section 6.3.77
- DUIK, OctetString, code 3863, section 6.3.78
- DUCK, OctetString, code 3864, section 6.3.79
- MIC-Check-indicator, Unsigned32, code 3865, section 6.3.80
- Encrypted-Bitmask, OctetString, code 3866, section 6.3.81
- ProSe-App-Code-Suffix-Range, OctetString, code 3867, section 6.3.82
- PC5-tech, OctetString, code 3868, section 6.3.84
Note: Name conflict with 3GPP TS 29.154 Time-Window (4204).
Time-Window (3818) in 3GPP TS 29.345 V12.1.0 (2014-12) predates
Time-Window (4204) in 3GPP TS 29.154 V13.1.0 (2016-03).
| author | Luke Mewburn <luke@mewburn.net> |
|---|---|
| date | Sun, 05 Apr 2020 08:27:37 +1000 |
| parents | 0dff6a604b0a |
| children | 566bb46cc73f |
line wrap: on
line source
/********************************************************************************************************* * Software License Agreement (BSD License) * * Author: Sebastien Decugis <sdecugis@freediameter.net> * * * * Copyright (c) 2011, WIDE Project and NICT * * All rights reserved. * * * * Redistribution and use of this software in source and binary forms, with or without modification, are * * permitted provided that the following conditions are met: * * * * * Redistributions of source code must retain the above * * copyright notice, this list of conditions and the * * following disclaimer. * * * * * Redistributions in binary form must reproduce the above * * copyright notice, this list of conditions and the * * following disclaimer in the documentation and/or other * * materials provided with the distribution. * * * * * Neither the name of the WIDE Project or NICT nor the * * names of its contributors may be used to endorse or * * promote products derived from this software without * * specific prior written permission of WIDE Project and * * NICT. * * * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED * * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR * * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * *********************************************************************************************************/ /* * Whitelist extension for freeDiameter. */ #include <pthread.h> #include <signal.h> #include "acl_wl.h" static pthread_rwlock_t acl_wl_lock; #define MODULE_NAME "acl_wl" static char *acl_wl_config_file; /* The validator function */ static int aw_validate(struct peer_info * info, int * auth, int (**cb2)(struct peer_info *)) { int res; TRACE_ENTRY("%p %p %p", info, auth, cb2); CHECK_PARAMS(info && auth && cb2); /* We don't use the second callback */ *cb2 = NULL; /* Default to unknown result */ *auth = 0; if (pthread_rwlock_rdlock(&acl_wl_lock) != 0) { fd_log_notice("%s: read-lock failed, skipping handler", MODULE_NAME); return 0; } /* Now search the peer in our tree */ CHECK_FCT( aw_tree_lookup(info->pi_diamid, &res) ); if (pthread_rwlock_unlock(&acl_wl_lock) != 0) { fd_log_notice("%s: read-unlock failed after aw_tree_lookup, exiting", MODULE_NAME); exit(1); } if (res < 0) { /* The peer is not whitelisted */ return 0; } /* We found the peer in the tree, now check the status */ /* First, if TLS is already in place, just accept */ if (info->runtime.pir_cert_list) { *auth = 1; return 0; } /* Now, if we did not specify any flag, reject */ if (res == 0) { TRACE_DEBUG(INFO, "Peer '%s' rejected, only TLS-protected connection is whitelisted.", info->pi_diamid); /* We don't actually set *auth = -1, leave space for a further extension to validate the peer */ return 0; } /* Otherwise, just set the configured flags for the peer, and authorize it */ *auth = 1; /* Save information about the security mechanism to use after CER/CEA exchange */ if ((res & PI_SEC_NONE) && (res & PI_SEC_TLS_OLD)) res = PI_SEC_NONE; /* If we authorized it, we must have an IPsec tunnel setup, no need for TLS in this case */ info->config.pic_flags.sec = res; return 0; } static volatile int in_signal_handler = 0; /* signal handler */ static void sig_hdlr(void) { struct fd_list old_tree; if (in_signal_handler) { fd_log_error("%s: already handling a signal, ignoring new one", MODULE_NAME); return; } in_signal_handler = 1; if (pthread_rwlock_wrlock(&acl_wl_lock) != 0) { fd_log_error("%s: locking failed, aborting config reload", MODULE_NAME); return; } /* save old config in case reload goes wrong */ old_tree = tree_root; fd_list_init(&tree_root, NULL); if (aw_conf_handle(acl_wl_config_file) != 0) { fd_log_error("%s: error reloading configuration, restoring previous configuration", MODULE_NAME); aw_tree_destroy(); tree_root = old_tree; } else { struct fd_list new_tree; new_tree = tree_root; tree_root = old_tree; aw_tree_destroy(); tree_root = new_tree; } if (pthread_rwlock_unlock(&acl_wl_lock) != 0) { fd_log_error("%s: unlocking failed after config reload, exiting", MODULE_NAME); exit(1); } fd_log_notice("%s: reloaded configuration", MODULE_NAME); in_signal_handler = 0; } /* entry point */ static int aw_entry(char * conffile) { TRACE_ENTRY("%p", conffile); CHECK_PARAMS(conffile); acl_wl_config_file = conffile; pthread_rwlock_init(&acl_wl_lock, NULL); if (pthread_rwlock_wrlock(&acl_wl_lock) != 0) { fd_log_notice("%s: write-lock failed, aborting", MODULE_NAME); return EDEADLK; } /* Parse configuration file */ CHECK_FCT( aw_conf_handle(conffile) ); TRACE_DEBUG(INFO, "Extension ACL_wl initialized with configuration: '%s'", conffile); if (TRACE_BOOL(ANNOYING)) { aw_tree_dump(); } if (pthread_rwlock_unlock(&acl_wl_lock) != 0) { fd_log_notice("%s: write-unlock failed, aborting", MODULE_NAME); return EDEADLK; } /* Register reload callback */ CHECK_FCT(fd_event_trig_regcb(SIGUSR1, MODULE_NAME, sig_hdlr)); /* Register the validator function */ CHECK_FCT( fd_peer_validate_register ( aw_validate ) ); return 0; } /* Unload */ void fd_ext_fini(void) { /* Destroy the tree */ aw_tree_destroy(); } EXTENSION_ENTRY(MODULE_NAME, aw_entry);